iPhone OS for iPod touch

CVEs (20)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2009-1699	OpenSUSE openSUSE	Hig	0.52	7.5	0.09	Jun 10, 2009	The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as…
CVE-2009-1684	Apple Inc. Safari		0.03	—	0.02	Jun 10, 2009	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the…
CVE-2008-3623	Apple Inc. Safari		0.02	—	0.19	Nov 17, 2008	Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…
CVE-2009-1701	Apple Inc. Safari		0.01	—	0.10	Jun 10, 2009	Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)…
CVE-2009-1698	Apple Inc. Safari		0.01	—	0.08	Jun 10, 2009	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to…
CVE-2009-1687	Apple Inc. Safari		0.01	—	0.08	Jun 10, 2009	The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2009-0155	Apple Inc. Mac Os X		0.01	—	0.10	May 13, 2009	Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that…
CVE-2009-0958	Apple Inc. Iphone Os		0.00	—	0.00	Jun 19, 2009	Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers…
CVE-2009-1702	Apple Inc. Safari		0.00	—	0.01	Jun 10, 2009	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and…
CVE-2009-1700	Apple Inc. Safari		0.00	—	0.01	Jun 10, 2009	The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
CVE-2009-1697	Apple Inc. Safari		0.00	—	0.00	Jun 10, 2009	CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site…
CVE-2009-1696	Apple Inc. Safari		0.00	—	0.01	Jun 10, 2009	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
CVE-2009-1691	Apple Inc. Safari		0.00	—	0.01	Jun 10, 2009	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for…
CVE-2009-1689	Apple Inc. Safari		0.00	—	0.01	Jun 10, 2009	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank…
CVE-2009-1688	Apple Inc. Safari		0.00	—	0.01	Jun 10, 2009	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through…
CVE-2009-1685	Apple Inc. Safari		0.00	—	0.01	Jun 10, 2009	Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an…
CVE-2009-1681	Apple Inc. Safari		0.00	—	0.00	Jun 10, 2009	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking"…
CVE-2008-4229	Apple Inc. Iphone Os		0.00	—	0.00	Nov 25, 2008	Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
CVE-2008-4227	Apple Inc. Iphone Os		0.00	—	0.01	Nov 25, 2008	Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by…
CVE-2008-2320	Apple Inc. Mac Os X		0.00	—	0.04	Aug 4, 2008	Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long…

CVE-2009-1699HigJun 10, 2009
OpenSUSE
openSUSE
risk 0.52cvss 7.5epss 0.09
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as…
CVE-2009-1684Jun 10, 2009
Apple Inc.
Safari
risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the…
CVE-2008-3623Nov 17, 2008
Apple Inc.
Safari
risk 0.02cvss —epss 0.19
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…
CVE-2009-1701Jun 10, 2009
Apple Inc.
Safari
risk 0.01cvss —epss 0.10
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)…
CVE-2009-1698Jun 10, 2009
Apple Inc.
Safari
risk 0.01cvss —epss 0.08
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to…
CVE-2009-1687Jun 10, 2009
Apple Inc.
Safari
risk 0.01cvss —epss 0.08
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service…
CVE-2009-0155May 13, 2009
Apple Inc.
Mac Os X
risk 0.01cvss —epss 0.10
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that…
CVE-2009-0958Jun 19, 2009
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers…
CVE-2009-1702Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and…
CVE-2009-1700Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
CVE-2009-1697Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.00
CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site…
CVE-2009-1696Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
CVE-2009-1691Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for…
CVE-2009-1689Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank…
CVE-2009-1688Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through…
CVE-2009-1685Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an…
CVE-2009-1681Jun 10, 2009
Apple Inc.
Safari
risk 0.00cvss —epss 0.00
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking"…
CVE-2008-4229Nov 25, 2008
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
CVE-2008-4227Nov 25, 2008
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by…
CVE-2008-2320Aug 4, 2008
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.04
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long…